Privacy Concerns: Big Data's Biggest Barrier?

Businesses must be up front with consumers about what data they're using and why. Opting out should be easier, too.

When it comes to their personal data and how it's used, people generally don't like surprises. The ongoing brouhaha over leaks of several National Security Agency (NSA) surveillance programs is a good example of this, even though the American public is split over whether the NSA activities are good or bad, according to a Pew Research Center and USA Today survey.

Still, it's fair to say that limited disclosure of personal data usage -- or no disclosure at all -- usually creates distrust among consumers, and that's something that big data advocates should strive to avoid. In fact, companies implementing big data strategies might consider this informal motto: "Don't be sneaky." The promises of a data-driven society will fail to resonate with the public if they fear the result will be more dystopian than utopian.

The goal of data usage should be to deliver benefit to both the collector of information -- typically a business or government – and the provider, according to Hunter Albright, chief executive officer for North America and global head of consulting for Beyond Analysis, a consumer analytics consulting firm.

"[If this goal isn't being met,] the analytics service providers or the businesses aren't doing their job properly," Albright said in a phone interview with InformationWeek. "In my experience, consumers get the most irritated when [their data] has been collected in stealth, and they're not very clear on how it's being used and, more importantly, how they're benefitting from it."

As demonstrated by the NSA controversy, or by Facebook's seemingly endless series of privacy flubs, many organizations aren't doing a good job of stating their data-usage intentions, which in some cases (e.g., national security, law enforcement, or general nefariousness) may be intentional.

The growth of big data presents a greater need for data collectors to provide full disclosure, as in: "Here's what we plan to do with your data." But even that approach won't solve every privacy issue. "The real sticky point here, and the harder one to work out, is the sharing of data," said Albright.

For instance, if a consumer grants one company permission to use his or her data, what rules (if any) will regulate how that information is shared across multiple companies? "I think that will become one of the biggest sticking points in terms of trying to navigate what the right policies are," Albright added.

It's also important for data collectors to make it easier for customers to opt in or out of having their information used. Doing so would require an approach similar to today's "email culture," Albright said, where people opt in to mailing lists, or use an "unsubscribe" option to opt out. "One thing we often work with businesses on is the opt-in approach to collecting data, so that there's a … contract between the consumer brand and the consumer in terms of the collection of data."

When consumers feel they're getting a tangible benefit for their personal information, their resistance to data collection starts to fade, he added. Loyalty and rewards programs are a good example of how companies persuade customers to reveal more details about things like shopping habits.

The issue of how privacy concerns impact big data isn't new, of course. Last year the Cloud Security Alliance (CSA), a consortium of technology companies and public sector agencies, launched the Big Data Working Group to establish best practices for big data security and privacy, and to help businesses and governments adopt these practices.

"There are fundamental ways in which big data science differs from current technology," Big Data Working Group member Arnab Roy, a research staff member with Fujitsu Laboratories of America, told InformationWeek in a September 2012 interview.

For instance, Roy explained, big data may include a variety of different data owners, providers and customers, and its information must be aggregated and disseminated inside the context of a formal, understandable agreement with those owners.

Database administrators are the caretakers of an organization's most precious asset -- its data -- but rarely do they have the experience and skills required to secure that data. In the What Every Database Administrator Should Know About Security report from Dark Reading, we examine what DBAs should know about security, as well as recommend how database and security pros can work more effectively together. (Free registration required.)

Most IT teams have their conventional databases covered in terms of security and business continuity. But as we enter the era of big data, Hadoop, and NoSQL, protection schemes need to evolve. In fact, big data could drive the next big security strategy shift.

Why should big data be more difficult to secure? In a word, variety. But the business won’t wait to use it to predict customer behavior, find correlations across disparate data sources, predict fraud or financial risk, and more.